HackerOne Vulnerability Reporting Guidelines
Last updated July 24, 2024
HackerOne is committed to fostering a responsible and ethical hacking community. This guide outlines the best practices and guidelines for reporting vulnerabilities on the HackerOne platform, ensuring that security weaknesses are disclosed in a clear, concise, and professional manner.
HackerOne Vulnerability Reporting Guidelines:
- Report Only Valid Issues: Focus on reporting legitimate vulnerabilities, not feature requests, minor cosmetic issues, or issues that are already publicly known.
- Conduct Thorough Research: Ensure you have properly researched and validated the vulnerability before submitting a report. This includes verifying the impact and potential exploitation, and confirming it is not a duplicate.
- Respect Program Rules: Always adhere to the specific program rules and guidelines set forth by the program organizer. These may include restrictions on specific attack types, disclosure methods, or reporting timelines.
- Provide Clear and Concise Information: Compose your vulnerability report using clear and concise language. Include detailed steps on how to reproduce the vulnerability, the impact it could potentially have, and any relevant technical details.
- Include Proof of Concept (PoC): Provide solid proof of concept (PoC) to support your report. This should clearly demonstrate the vulnerability and its potential impact.
- Avoid Unnecessary Data Disclosure: Limit the amount of sensitive data included in your report. Focus on providing the necessary information to understand the vulnerability and its potential impact, without revealing confidential information.
- Communication and Collaboration: Be proactive in communicating with the program team during the triaging process. Respond to their requests for additional information and be patient while they investigate the reported vulnerability.
- Maintain Professionalism: Maintain a professional and respectful tone throughout the reporting process. This includes communicating effectively with the program team and respecting the confidentiality agreements of the program.
- Follow Ethical Guidelines: Adhere to ethical hacking principles and avoid any actions that could compromise the security or integrity of the system you're testing. This includes refraining from exploiting vulnerabilities for personal gain or causing harm.